|
5 | 5 |
|
6 | 6 | import cachetools |
7 | 7 | import gidgethub |
| 8 | +from gidgethub import sansio |
8 | 9 |
|
9 | 10 | from django_github_app.github import AsyncGitHubAPI |
10 | 11 | from django_github_app.github import SyncGitHubAPI |
11 | 12 |
|
12 | 13 |
|
13 | | -class PermissionCacheKey(NamedTuple): |
14 | | - owner: str |
15 | | - repo: str |
16 | | - username: str |
17 | | - |
18 | | - |
19 | 14 | class Permission(int, Enum): |
20 | 15 | NONE = 0 |
21 | 16 | READ = 1 |
@@ -47,6 +42,12 @@ def from_string(cls, permission: str) -> Permission: |
47 | 42 | ) |
48 | 43 |
|
49 | 44 |
|
| 45 | +class PermissionCacheKey(NamedTuple): |
| 46 | + owner: str |
| 47 | + repo: str |
| 48 | + username: str |
| 49 | + |
| 50 | + |
50 | 51 | async def aget_user_permission( |
51 | 52 | gh: AsyncGitHubAPI, owner: str, repo: str, username: str |
52 | 53 | ) -> Permission: |
@@ -92,18 +93,121 @@ def get_user_permission( |
92 | 93 | try: |
93 | 94 | # Check if user is a collaborator and get their permission |
94 | 95 | data = gh.getitem(f"/repos/{owner}/{repo}/collaborators/{username}/permission") |
95 | | - permission_str = data.get("permission", "none") |
| 96 | + permission_str = data.get("permission", "none") # type: ignore[attr-defined] |
96 | 97 | permission = Permission.from_string(permission_str) |
97 | 98 | except gidgethub.HTTPException as e: |
98 | 99 | if e.status_code == 404: |
99 | 100 | # User is not a collaborator, they have read permission if repo is public |
100 | 101 | # Check if repo is public |
101 | 102 | try: |
102 | 103 | repo_data = gh.getitem(f"/repos/{owner}/{repo}") |
103 | | - if not repo_data.get("private", True): |
| 104 | + if not repo_data.get("private", True): # type: ignore[attr-defined] |
104 | 105 | permission = Permission.READ |
105 | 106 | except gidgethub.HTTPException: |
106 | 107 | pass |
107 | 108 |
|
108 | 109 | cache[cache_key] = permission |
109 | 110 | return permission |
| 111 | + |
| 112 | + |
| 113 | +class EventInfo(NamedTuple): |
| 114 | + comment_author: str | None |
| 115 | + owner: str | None |
| 116 | + repo: str | None |
| 117 | + |
| 118 | + @classmethod |
| 119 | + def from_event(cls, event: sansio.Event) -> EventInfo: |
| 120 | + comment_author = None |
| 121 | + owner = None |
| 122 | + repo = None |
| 123 | + |
| 124 | + if "comment" in event.data: |
| 125 | + comment_author = event.data["comment"]["user"]["login"] |
| 126 | + |
| 127 | + if "repository" in event.data: |
| 128 | + owner = event.data["repository"]["owner"]["login"] |
| 129 | + repo = event.data["repository"]["name"] |
| 130 | + |
| 131 | + return cls(comment_author=comment_author, owner=owner, repo=repo) |
| 132 | + |
| 133 | + |
| 134 | +class PermissionCheck(NamedTuple): |
| 135 | + has_permission: bool |
| 136 | + error_message: str | None |
| 137 | + |
| 138 | + |
| 139 | +PERMISSION_CHECK_ERROR_MESSAGE = """ |
| 140 | +❌ **Permission Denied** |
| 141 | +
|
| 142 | +@{comment_author}, you need at least **{required_permission}** permission to use this command. |
| 143 | +
|
| 144 | +Your current permission level: **{user_permission}** |
| 145 | +""" |
| 146 | + |
| 147 | + |
| 148 | +async def acheck_mention_permission( |
| 149 | + event: sansio.Event, gh: AsyncGitHubAPI, required_permission: Permission |
| 150 | +) -> PermissionCheck: |
| 151 | + comment_author, owner, repo = EventInfo.from_event(event) |
| 152 | + |
| 153 | + if not (comment_author and owner and repo): |
| 154 | + return PermissionCheck(has_permission=False, error_message=None) |
| 155 | + |
| 156 | + user_permission = await aget_user_permission(gh, owner, repo, comment_author) |
| 157 | + |
| 158 | + if user_permission >= required_permission: |
| 159 | + return PermissionCheck(has_permission=True, error_message=None) |
| 160 | + |
| 161 | + return PermissionCheck( |
| 162 | + has_permission=False, |
| 163 | + error_message=PERMISSION_CHECK_ERROR_MESSAGE.format( |
| 164 | + comment_author=comment_author, |
| 165 | + required_permission=required_permission.name.lower(), |
| 166 | + user_permission=user_permission.name.lower(), |
| 167 | + ), |
| 168 | + ) |
| 169 | + |
| 170 | + |
| 171 | +def check_mention_permission( |
| 172 | + event: sansio.Event, gh: SyncGitHubAPI, required_permission: Permission |
| 173 | +) -> PermissionCheck: |
| 174 | + comment_author, owner, repo = EventInfo.from_event(event) |
| 175 | + |
| 176 | + if not (comment_author and owner and repo): |
| 177 | + return PermissionCheck(has_permission=False, error_message=None) |
| 178 | + |
| 179 | + user_permission = get_user_permission(gh, owner, repo, comment_author) |
| 180 | + |
| 181 | + if user_permission >= required_permission: |
| 182 | + return PermissionCheck(has_permission=True, error_message=None) |
| 183 | + |
| 184 | + return PermissionCheck( |
| 185 | + has_permission=False, |
| 186 | + error_message=PERMISSION_CHECK_ERROR_MESSAGE.format( |
| 187 | + comment_author=comment_author, |
| 188 | + required_permission=required_permission.name.lower(), |
| 189 | + user_permission=user_permission.name.lower(), |
| 190 | + ), |
| 191 | + ) |
| 192 | + |
| 193 | + |
| 194 | +def get_comment_post_url(event: sansio.Event) -> str | None: |
| 195 | + if event.data.get("action") != "created": |
| 196 | + return None |
| 197 | + |
| 198 | + _, owner, repo = EventInfo.from_event(event) |
| 199 | + |
| 200 | + if not (owner and repo): |
| 201 | + return None |
| 202 | + |
| 203 | + if "issue" in event.data: |
| 204 | + issue_number = event.data["issue"]["number"] |
| 205 | + return f"/repos/{owner}/{repo}/issues/{issue_number}/comments" |
| 206 | + elif "pull_request" in event.data: |
| 207 | + pr_number = event.data["pull_request"]["number"] |
| 208 | + return f"/repos/{owner}/{repo}/issues/{pr_number}/comments" |
| 209 | + elif "commit_sha" in event.data: |
| 210 | + commit_sha = event.data["commit_sha"] |
| 211 | + return f"/repos/{owner}/{repo}/commits/{commit_sha}/comments" |
| 212 | + |
| 213 | + return None |
0 commit comments